govulncheck-vulndb (SUSE:Linux Enterprise Module for Package Hub 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Package Hub 15 SP6 package govulncheck-vulndb, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (200)
CVE-2025-41115 — CVSS 10.0 (critical): SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in…
CVE-2025-44005 — CVSS 10.0 (critical): An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain…
CVE-2025-24786 — CVSS 10.0 (critical): WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`…
CVE-2025-59823 — CVSS 9.9 (critical): Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in…
CVE-2024-9264 — CVSS 9.9 (critical): The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are…
CVE-2024-45387 — CVSS 9.9 (critical): An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin"…
CVE-2025-55190 — CVSS 9.9 (critical): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0…
CVE-2024-56323 — CVSS 9.8 (critical): OpenFGA is an authorization/permission engine. IN OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to…
CVE-2025-54123 — CVSS 9.8 (critical): Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to…
CVE-2025-54386 — CVSS 9.8 (critical): Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal…
CVE-2025-59360 — CVSS 9.8 (critical): The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this…
CVE-2025-59361 — CVSS 9.8 (critical): The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this…
CVE-2024-39223 — CVSS 9.8 (critical): An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback…
CVE-2024-54148 — CVSS 9.8 (critical): Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain…
CVE-2025-21613 — CVSS 9.8 (critical): go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git…
CVE-2024-28892 — CVSS 9.8 (critical): An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary…
CVE-2024-47832 — CVSS 9.8 (critical): ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker…
CVE-2024-9486 — CVSS 9.8 (critical): A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image…
CVE-2025-59352 — CVSS 9.8 (critical): Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow…
CVE-2025-8077 — CVSS 9.8 (critical): A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the…
CVE-2025-50738 — CVSS 9.8 (critical): The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo…
CVE-2025-59359 — CVSS 9.8 (critical): The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows…
CVE-2025-64443 — CVSS 9.6 (critical): MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or…
CVE-2025-58450: pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior…
CVE-2025-66410 — CVSS 9.1 (critical): Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at…
CVE-2024-45337 — CVSS 9.1 (critical): Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be…
CVE-2022-45157 — CVSS 9.1 (critical): A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage…
CVE-2017-18883 — CVSS 9.1 (critical): An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low…
CVE-2025-54576 — CVSS 9.1 (critical): OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing…
CVE-2025-54997 — CVSS 9.1 (critical): OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In…
CVE-2024-22036 — CVSS 9.1 (critical): A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root…
CVE-2025-6000 — CVSS 9.1 (critical): A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying…
CVE-2025-21609 — CVSS 9.1 (critical): SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion…
CVE-2025-59345 — CVSS 9.1 (critical): Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats…
CVE-2024-0132 — CVSS 9.0 (critical): NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration…
CVE-2025-23266 — CVSS 9.0 (critical): NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could…
CVE-2024-52281 — CVSS 8.9 (high): A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored…
CVE-2024-9313 — CVSS 8.8 (high): Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform…
CVE-2025-61595: MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do…
CVE-2024-25131 — CVSS 8.8 (high): A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the…
CVE-2024-25133 — CVSS 8.8 (high): A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer…
CVE-2025-64751 — CVSS 8.8 (high): OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA…
CVE-2025-22130 — CVSS 8.8 (high): Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to…
CVE-2025-58158 — CVSS 8.8 (high): Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and…
CVE-2024-45340 — CVSS 8.8 (high): Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request…
CVE-2024-55947 — CVSS 8.8 (high): Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH…
CVE-2024-56513: Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and…
CVE-2024-51735: Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results…
CVE-2024-7558 — CVSS 8.7 (high): JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an…
CVE-2025-24883: go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash…
CVE-2024-11218 — CVSS 8.6 (high): A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition…
CVE-2025-24787 — CVSS 8.6 (high): WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database…
CVE-2024-53263: Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of…
CVE-2025-23267 — CVSS 8.5 (high): NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link…
CVE-2025-24337 — CVSS 8.4 (high): WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.
CVE-2024-45794 — CVSS 8.3 (high): devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission)…
CVE-2024-10006 — CVSS 8.3 (high): A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass…
CVE-2024-3727 — CVSS 8.3 (high): A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry…
CVE-2024-58259 — CVSS 8.2 (high): A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public…
CVE-2024-13484 — CVSS 8.2 (high): A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy…
CVE-2025-65025 — CVSS 8.2 (high): esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to…
CVE-2024-47534: go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if…
CVE-2024-39720 — CVSS 8.2 (high): An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4…
CVE-2025-65965: Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting…
CVE-2025-54424 — CVSS 8.1 (high): 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5…
CVE-2025-9566 — CVSS 8.1 (high): There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a…
CVE-2024-10005 — CVSS 8.1 (high): A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could…
CVE-2025-58437 — CVSS 8.1 (high): Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and…
CVE-2017-18884 — CVSS 8.1 (high): An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered…
CVE-2024-58267 — CVSS 8.0 (high): A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to…
CVE-2024-22030 — CVSS 8.0 (high): A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack…
CVE-2024-8038 — CVSS 7.9 (high): Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available…
CVE-2025-66411 — CVSS 7.8 (high): Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent…
CVE-2024-35177 — CVSS 7.8 (high): Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across…
CVE-2024-9675 — CVSS 7.8 (high): A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache…
CVE-2025-53534: RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend…
CVE-2025-59341: esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was…
CVE-2024-10975 — CVSS 7.7 (high): Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through…
CVE-2024-52284 — CVSS 7.7 (high): Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm…
CVE-2025-58355 — CVSS 7.7 (high): Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary…
CVE-2024-58260 — CVSS 7.6 (high): A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can…
CVE-2025-9072 — CVSS 7.6 (high): Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker…
CVE-2025-22865 — CVSS 7.5 (high): Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
CVE-2017-18871 — CVSS 7.5 (high): An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service…
CVE-2018-21258 — CVSS 7.5 (high): An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash…
CVE-2024-10389 — CVSS 7.5 (high): There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows…
CVE-2024-47877 — CVSS 7.5 (high): Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to…
CVE-2024-49380 — CVSS 7.5 (high): Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is…
CVE-2024-49381 — CVSS 7.5 (high): Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is…
CVE-2024-49757 — CVSS 7.5 (high): The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing…
CVE-2024-55196 — CVSS 7.5 (high): Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords…
CVE-2024-7594 — CVSS 7.5 (high): Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and…
CVE-2024-8185 — CVSS 7.5 (high): Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a…
CVE-2024-8901 — CVSS 7.5 (high): The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master…
CVE-2024-9312 — CVSS 7.5 (high): Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names…
CVE-2024-9779 — CVSS 7.5 (high): A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or…
CVE-2025-0377 — CVSS 7.5 (high): HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar…
CVE-2025-21614 — CVSS 7.5 (high): go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in…
CVE-2025-22867 — CVSS 7.5 (high): On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of…
CVE-2025-22868 — CVSS 7.5 (high): An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
CVE-2025-22869 — CVSS 7.5 (high): SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key…
CVE-2025-24366 — CVSS 7.5 (high): SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a…
CVE-2025-54376 — CVSS 7.5 (high): Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not…
CVE-2025-54801 — CVSS 7.5 (high): Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form…
CVE-2025-58157 — CVSS 7.5 (high): gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing…
CVE-2025-58445 — CVSS 7.5 (high): Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly…
CVE-2025-59348 — CVSS 7.5 (high): Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method…
CVE-2025-59353 — CVSS 7.5 (high): Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS…
CVE-2025-59358 — CVSS 7.5 (high): The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster…
CVE-2025-59531 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19…
CVE-2025-59537 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19…
CVE-2025-59538 — CVSS 7.5 (high): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through…
CVE-2025-59942 — CVSS 7.5 (high): go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison"…
CVE-2025-60638 — CVSS 7.5 (high): An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the…
CVE-2025-61725 — CVSS 7.5 (high): The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large…
CVE-2025-61729 — CVSS 7.5 (high): Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out…
CVE-2025-6203 — CVSS 7.5 (high): A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in…
CVE-2025-66506 — CVSS 7.5 (high): Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3…
CVE-2025-66564 — CVSS 7.5 (high): Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits…
CVE-2025-4953 — CVSS 7.4 (high): A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not…
CVE-2024-38365 — CVSS 7.4 (high): btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not…
CVE-2025-13357 — CVSS 7.4 (high): Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially…
CVE-2025-53942 — CVSS 7.4 (high): authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In…
CVE-2024-8996 — CVSS 7.3 (high): Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM…
CVE-2024-8975 — CVSS 7.3 (high): Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue…
CVE-2025-23208 — CVSS 7.3 (high): zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an…
CVE-2025-54996 — CVSS 7.2 (high): OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In…
CVE-2024-9180 — CVSS 7.2 (high): A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s…
CVE-2025-64761 — CVSS 7.2 (high): OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity…
CVE-2025-5999 — CVSS 7.2 (high): A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s…
CVE-2025-24371: CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send…
CVE-2024-56362 — CVSS 7.1 (high): Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the…
CVE-2025-58063 — CVSS 7.1 (high): CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL…
CVE-2024-45339 — CVSS 7.1 (high): When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file…
CVE-2025-24355 — CVSS 7.1 (high): Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in…
CVE-2025-24030 — CVSS 7.1 (high): Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with…
CVE-2025-47907 — CVSS 7.0 (high): Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned…
CVE-2025-51667 — CVSS 7.0 (high): An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a…
CVE-2025-8396: Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due…
CVE-2025-6037 — CVSS 6.8 (medium): Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a…
CVE-2025-23216 — CVSS 6.8 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret…
CVE-2022-47930 — CVSS 6.8 (medium): An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC…
CVE-2024-47616 — CVSS 6.8 (medium): Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium…
CVE-2024-56515 — CVSS 6.8 (medium): Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled…
CVE-2025-5187 — CVSS 6.7 (medium): A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding…
CVE-2025-44779 — CVSS 6.6 (medium): An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.
CVE-2025-0750 — CVSS 6.6 (medium): A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow…
CVE-2023-32197 — CVSS 6.6 (medium): A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege…
CVE-2024-9355 — CVSS 6.5 (medium): A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length…
CVE-2025-59956 — CVSS 6.5 (medium): AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side…
CVE-2025-55001 — CVSS 6.5 (medium): OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In…
CVE-2025-24376 — CVSS 6.5 (medium): kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design…
CVE-2025-21088 — CVSS 6.5 (medium): Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto…
CVE-2025-9076 — CVSS 6.5 (medium): Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows…
CVE-2025-6013 — CVSS 6.5 (medium): Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and…
CVE-2025-47906 — CVSS 6.5 (medium): If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath…
CVE-2024-12678 — CVSS 6.5 (medium): Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted…
CVE-2025-55191 — CVSS 6.5 (medium): Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through…
CVE-2025-60632 — CVSS 6.5 (medium): An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the…
CVE-2024-8037 — CVSS 6.5 (medium): Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with…
CVE-2025-59347 — CVSS 6.5 (medium): Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate…
CVE-2025-7445 — CVSS 6.5 (medium): Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.
CVE-2025-55000 — CVSS 6.5 (medium): OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In…
CVE-2024-44906 — CVSS 6.5 (medium): uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The…
CVE-2025-61727 — CVSS 6.5 (medium): An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a…
CVE-2025-23047 — CVSS 6.5 (medium): Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin`…
CVE-2025-6014 — CVSS 6.5 (medium): Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity…
CVE-2025-7195 — CVSS 6.4 (medium): Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID…
CVE-2024-9594 — CVSS 6.3 (medium): A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image…
CVE-2025-65026 — CVSS 6.1 (medium): esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, The esm.sh CDN service contains a…
CVE-2024-47067 — CVSS 6.1 (medium): AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go…
CVE-2025-58430 — CVSS 6.1 (medium): listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in…
CVE-2017-18879 — CVSS 6.1 (medium): An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack…
CVE-2024-45336 — CVSS 6.1 (medium): The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an…
CVE-2024-45341 — CVSS 6.1 (medium): A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the…
CVE-2024-10086 — CVSS 6.1 (medium): A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP…
CVE-2024-48057 — CVSS 6.1 (medium): localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it…
CVE-2017-18877 — CVSS 6.1 (medium): An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
CVE-2025-59941 — CVSS 5.9 (medium): go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification…
CVE-2024-10846 — CVSS 5.9 (medium): The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the…
CVE-2024-49753 — CVSS 5.9 (medium): Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have…
CVE-2025-6015 — CVSS 5.7 (medium): Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault…
CVE-2024-47827 — CVSS 5.7 (medium): Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in…
CVE-2025-55003 — CVSS 5.7 (medium): OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In…
CVE-2021-21411 — CVSS 5.5 (medium): OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag…
CVE-2024-50354 — CVSS 5.5 (medium): gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16…
CVE-2025-59342: esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of…
CVE-2025-13353 — CVSS 5.5 (medium): In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial…
CVE-2023-22644 — CVSS 5.5 (medium): A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector…
CVE-2025-47910 — CVSS 5.4 (medium): When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended…
CVE-2024-9341 — CVSS 5.4 (medium): A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper…
CVE-2025-59824 — CVSS 5.4 (medium): Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the…
CVE-2025-56761 — CVSS 5.4 (medium): Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does…
CVE-2025-59350 — CVSS 5.3 (medium): Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the…
CVE-2024-50312 — CVSS 5.3 (medium): A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized…